Symantec Endpoint Security (SES) provides a multi-layered defense strategy designed to protect traditional and mobile endpoints through attack surface reduction and advanced breach prevention. However, administrators often notice that certain advanced features—specifically Threat Defense for Active Directory (TDAD)—may appear restricted or missing within the management console.

Understanding the specific capabilities tied to your subscription is vital for maintaining compliance and ensuring your environment is fully protected. This article explains why the Active Directory Security policy is unavailable in the SES Enterprise tier and details the licensing requirements for enabling these breach prevention technologies.

Platform: Symantec Endpoint Security (SES) Cloud

Subscription Tier: SES Enterprise

Feature: Threat Defense for Active Directory (TDAD) / Active Directory Security Policies

Feature Availability and Licensing

In the Symantec security ecosystem, features are unlocked based on the specific license level purchased. While the SES Enterprise license provides a robust foundation for endpoint protection, it does not include the advanced Breach Prevention technology required for Active Directory Security (TDAD).

Key Points Regarding License Compliance:

• Visible but Inaccessible: You may still see TDAD policies, settings, or the AD Gateway option within the console UI. However, these features will remain inactive or "greyed out" because the Enterprise license does not grant the rights to use them.

• Gateway Requirements: Even if an AD Gateway is configured, the underlying security logic for TDAD will not trigger without the appropriate license entitlement.

The Solution: Upgrading to SES Complete

To gain full access to Threat Defense for Active Directory and other advanced detection and response (EDR/XDR) capabilities, an upgrade to the Symantec Endpoint Security (SES) Complete license is required.

For a comprehensive breakdown of feature sets across different license tiers, please review the following official Broadcom resources:

• Symantec Endpoint Security License Comparison

• Broadcom Support Portal: Verify your current entitlement status under the "Subscriptions" tab in your SES console.

Would you like me to generate a summary of the additional security features unlocked when moving from SES Enterprise to SES Complete?